Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1587/EM8Mq0tuQwiD0QzNO6S-MBgjnmQ.roa
File: EM8Mq0tuQwiD0QzNO6S-MBgjnmQ.roa (raw, json)
Hash identifier: Wuvx2xEPbvtcHwzCHgxwltJqe9Y1uivqf3ZchdgMl18=
Subject key identifier: 10:CF:0C:AB:4B:6E:43:08:83:D1:0C:CD:3B:A4:BE:30:18:23:9E:64
Certificate issuer: /CN=2DE14F2AC7F0238137052EAA315C5BD643134022
Certificate serial: 1BFB
Authority key identifier: 2D:E1:4F:2A:C7:F0:23:81:37:05:2E:AA:31:5C:5B:D6:43:13:40:22
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LeFPKsfwI4E3BS6qMVxb1kMTQCI.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1587/EM8Mq0tuQwiD0QzNO6S-MBgjnmQ.roa
Signing time: Fri 17 Jan 2025 01:26:22 +0000
ROA not before: Fri 17 Jan 2025 01:26:22 +0000
ROA not after: Sat 27 Sep 2025 02:40:14 +0000
asID: 63689
IP address blocks: 2402:1440::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7163 (0x1bfb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2DE14F2AC7F0238137052EAA315C5BD643134022
Validity
Not Before: Jan 17 01:26:22 2025 GMT
Not After : Sep 27 02:40:14 2025 GMT
Subject: CN=10CF0CAB4B6E430883D10CCD3BA4BE3018239E64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b1:b7:18:a2:67:70:25:20:ce:38:04:a8:68:
42:9b:a7:d0:f3:f9:75:13:3d:54:8a:3d:88:22:d4:
76:1a:46:0c:50:2a:b9:ec:6e:ef:15:08:eb:c0:91:
42:c7:df:8f:01:01:60:ed:b0:3b:3e:87:23:98:97:
30:de:3d:27:a5:77:b1:a7:22:35:27:50:d7:e1:7b:
7b:53:bf:e7:1c:f9:eb:86:7a:4d:d9:4a:9a:50:9a:
ba:51:27:12:0e:49:76:42:be:0e:06:99:5e:e9:00:
10:56:90:8e:c8:09:e7:83:7d:47:bf:0c:b4:66:e9:
6f:90:94:d6:97:72:3b:bc:c5:35:7d:0f:a3:8b:b0:
24:7b:5f:9a:dd:36:58:07:1f:bb:67:74:1b:3f:20:
3b:d0:1f:21:28:42:b5:da:54:5a:0b:68:2e:cd:66:
f2:61:e8:88:eb:d1:6a:ae:d7:49:70:76:b6:94:0b:
81:87:a6:22:42:bd:df:69:52:29:bd:d2:67:21:e2:
71:73:46:30:16:51:66:38:44:bf:f6:b8:ee:a0:cc:
f4:e2:dd:3b:27:07:98:a3:bd:e6:a1:f7:f9:6e:d9:
68:a7:b3:1e:a2:5d:8a:c7:fc:c4:4f:9b:ae:3e:f3:
91:f6:ea:c6:b3:b0:3c:6f:ce:91:de:85:ef:f6:dd:
43:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:CF:0C:AB:4B:6E:43:08:83:D1:0C:CD:3B:A4:BE:30:18:23:9E:64
X509v3 Authority Key Identifier:
keyid:2D:E1:4F:2A:C7:F0:23:81:37:05:2E:AA:31:5C:5B:D6:43:13:40:22
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1587/LeFPKsfwI4E3BS6qMVxb1kMTQCI.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LeFPKsfwI4E3BS6qMVxb1kMTQCI.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1587/EM8Mq0tuQwiD0QzNO6S-MBgjnmQ.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv6:
2402:1440::/32
Signature Algorithm: sha256WithRSAEncryption
3d:1b:e6:18:2d:44:5a:ea:d9:aa:21:0e:d7:35:71:e9:44:ff:
df:ef:45:30:58:54:92:d0:3e:30:d1:95:6b:45:a5:ae:27:c9:
f5:9a:ed:96:97:f9:4c:37:83:d8:33:a0:47:26:24:3c:61:0f:
3a:37:e4:61:f3:bb:ad:86:62:02:20:62:ee:42:db:37:d5:b8:
19:92:8a:0f:80:fa:e8:6e:fa:e4:0a:2e:bb:d4:d0:f3:1b:f2:
8b:6e:e2:67:32:a3:16:ca:57:fc:68:5f:83:45:d0:f0:c4:1f:
6b:e8:de:fb:ae:f0:13:aa:5f:4a:47:9e:23:9d:91:12:7f:50:
86:b7:82:0c:8e:21:52:10:28:64:31:4b:d1:68:13:87:0f:13:
05:8e:64:48:96:dc:dc:6b:30:7a:44:e0:ee:8d:05:b1:01:11:
8a:9e:26:39:6b:6f:dc:f4:fa:b8:0f:94:9d:89:e9:40:e0:5f:
24:24:cb:b3:7f:71:f5:e3:01:7c:8a:dd:ee:1e:37:e6:8a:ed:
1a:9a:ae:99:d8:9f:6a:1c:e4:d8:f6:86:f0:2e:16:66:0e:1e:
ac:16:16:7a:d5:ae:8a:55:a7:92:7f:05:27:5e:25:ee:66:82:
b5:bc:d2:fe:c5:06:21:31:3d:21:75:a8:82:e2:8e:18:f7:a5:
66:31:e1:46
-----BEGIN CERTIFICATE-----
MIIE2DCCA8CgAwIBAgICG/swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkRF
MTRGMkFDN0YwMjM4MTM3MDUyRUFBMzE1QzVCRDY0MzEzNDAyMjAeFw0yNTAxMTcw
MTI2MjJaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDEwQ0YwQ0FCNEI2RTQz
MDg4M0QxMENDRDNCQTRCRTMwMTgyMzlFNjQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDYsbcYomdwJSDOOASoaEKbp9Dz+XUTPVSKPYgi1HYaRgxQKrns
bu8VCOvAkULH348BAWDtsDs+hyOYlzDePSeld7GnIjUnUNfhe3tTv+cc+euGek3Z
SppQmrpRJxIOSXZCvg4GmV7pABBWkI7ICeeDfUe/DLRm6W+QlNaXcju8xTV9D6OL
sCR7X5rdNlgHH7tndBs/IDvQHyEoQrXaVFoLaC7NZvJh6Ijr0Wqu10lwdraUC4GH
piJCvd9pUim90mch4nFzRjAWUWY4RL/2uO6gzPTi3TsnB5ijveah9/lu2Winsx6i
XYrH/MRPm64+85H26sazsDxvzpHehe/23UM5AgMBAAGjggH0MIIB8DAdBgNVHQ4E
FgQUEM8Mq0tuQwiD0QzNO6S+MBgjnmQwHwYDVR0jBBgwFoAULeFPKsfwI4E3BS6q
MVxb1kMTQCIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTU4
Ny9MZUZQS3Nmd0k0RTNCUzZxTVZ4YjFrTVRRQ0kuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0xlRlBLc2Z3STRFM0JTNnFNVnhiMWtNVFFDSS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE1ODcvRU04TXEwdHVRd2lE
MFF6Tk82Uy1NQmdqbm1RLnJvYTAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIw
BwMFACQCFEAwDQYJKoZIhvcNAQELBQADggEBAD0b5hgtRFrq2aohDtc1celE/9/v
RTBYVJLQPjDRlWtFpa4nyfWa7ZaX+Uw3g9gzoEcmJDxhDzo35GHzu62GYgIgYu5C
2zfVuBmSig+A+uhu+uQKLrvU0PMb8otu4mcyoxbKV/xoX4NF0PDEH2vo3vuu8BOq
X0pHniOdkRJ/UIa3ggyOIVIQKGQxS9FoE4cPEwWOZEiW3NxrMHpE4O6NBbEBEYqe
Jjlrb9z0+rgPlJ2J6UDgXyQky7N/cfXjAXyK3e4eN+aK7RqarpnYn2oc5Nj2hvAu
FmYOHqwWFnrVropVp5J/BSdeJe5mgrW80v7FBiExPSF1qILijhj3pWYx4UY=
-----END CERTIFICATE-----
Generated at Fri Apr 4 18:48:49 2025 by rpki-client